Author: Megan Rees Ahigian

Megan Rees Ahigian is a Senior Product Manager at Threat Stack. She has built software products for a range of end users from elementary students to data center administrators. When she’s not busy securing the cloud, she can be found traveling, watching Bravo, or spending time with her dog.

As you probably know by now, containers are a high-priority topic at companies of all sizes. But there are a lot of myths surrounding this technology as well, in part because it is new and unfamiliar territory for most, and simply because the technology is so young.

In this post, we’ll debunk five of the pervasive myths and misunderstandings that surround containers, with a focus on Docker (since it is currently the most widely adopted container technology by a sizeable margin). Let’s dive in. Read more “5 Common Myths Around Moving to Docker”

Amazon Web Services, the ubiquitous cloud infrastructure provider, has made it increasingly easy for businesses to move to the cloud and take advantage of the scalability, flexibility, and cost savings this approach offers. For some businesses that are contemplating the move to AWS, you may be wondering whether it’s necessary to have a team of developers who can help to ensure that you are capable of running securely on AWS.

The short answer is: You don’t need to start from scratch when it comes to security, and you don’t need to have extensive coding resources in-house to run securely on AWS. With the right tools at your disposal, you can quickly measure compliance with your unique security policy and adapt to changes in your environment as needed.

Here’s what you need to know to run securely on AWS, with or without a legion of development resources at your disposal.

In the security world, 2016 was filled with major incidents, including massive data breaches, nation-state cyber interference, crippling DDoS attacks, and increased numbers of ransomware incidents — along with all the less glamorous, day-to-day security threats that had the potential to impact every cloud-based business in existence. So much for the bad news!

How securely configured is my AWS environment? Have I checked all the right boxes? Have I locked all my doors and windows?

With the release of AWS Configuration Auditing — a major new feature of the Threat Stack intrusion detection platform — Threat Stack is the only cloud security monitoring platform that enables customers to assure that their AWS environment is configured to policy and from there, implement continuous security monitoring, alerting, and investigation at any stage in their company’s cloud maturity lifecycle.

In the first part of 2016, Threat Stack’s Product Development team concentrated on its goal of continuing to build a powerful, cloud-based security platform with all the features users need to keep their cloud environments protected as they scale.

More recently, we have focused on our second goal — streamlining workflows in three key areas of our Cloud Security Platform® — to ensure that it is easy to use and customize, thus enabling users to move as fast as possible while they prioritize security issues and strengthen their organization’s security.

In Part 1 of this series I explained how we streamlined our Host Intrusion Detection (HIDS) workflows. In Part 2, I am going to describe improvements we’ve made to workflows in the following two areas:

At Threat Stack, we have two high-level goals when it comes to product development. First, we want to continue to build a powerful, cloud-based security platform with all the features users need to keep their cloud environment protected as they scale. And second, we want to create a platform that’s easy to use and customize, so users can move as fast as possible and also strengthen their organization’s security.

In the first part of 2016 we put a large effort into the first goal, increasing the breadth and depth of our feature set, including vulnerability assessment, more powerful investigative tools, etc. Recently we have focused heavily on the second goal, streamlining workflows in three areas of our Cloud Security Platform®:

In this post, I’ll discuss how users can customize HIDS using the streamlined rules management functionality. In a follow-up post, I will talk about streamlined workflows that are now available for server management and software vulnerability assessment and management.

As a Product Manager, it’s always your job to expand your understanding of the customer by finding out what they like and need, learning about problems they’re having, and listening to their ideas for new and improved features.